[Skiboot] [PATCH] secvar: Free md context on hash error

Nick Child nnac123 at gmail.com
Thu Aug 12 01:02:31 AEST 2021


There were a few instances in `get_hash_to_verify` where NULL is
returned before unallocating the md context. This commit ensures that
this memory is properly freed before returning.

Signed-off-by: Nick Child <nick.child at ibm.com>
---
 libstb/secvar/backend/edk2-compat-process.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libstb/secvar/backend/edk2-compat-process.c b/libstb/secvar/backend/edk2-compat-process.c
index bd7a0abb..770c3706 100644
--- a/libstb/secvar/backend/edk2-compat-process.c
+++ b/libstb/secvar/backend/edk2-compat-process.c
@@ -643,7 +643,7 @@ static char *get_hash_to_verify(const char *key, const char *new_data,
 	    || key_equals(key, "dbx"))
 		guid = EFI_IMAGE_SECURITY_DATABASE_GUID;
 	else
-		return NULL;
+		goto out;
 
 	/* Expand char name to wide character width */
 	varlen = strlen(key) * 2;
@@ -672,7 +672,7 @@ static char *get_hash_to_verify(const char *key, const char *new_data,
 
 	hash = zalloc(32);
 	if (!hash)
-		return NULL;
+		goto out;
 	rc = mbedtls_md_finish(&ctx, hash);
 	if (rc) {
 		free(hash);
-- 
2.25.1



More information about the Skiboot mailing list